Question : PowerShell Exchange 2010 Remove-Mailbox Permission denied

I have a simple PowerShell script that service desk staff use to delete users.

The script deletes the user and mailbox using the command Remove-Mailbox. Obviously the script loads the Exchange 2010 PowerShell snap-in.

The problem is, when the service desk run the script, they get the following error when the Remove-Mailbox portion of the script is run:

Remove-Mailbox : Active Directory operation failed on tempinsdc.dom1.now. This error is not retriable. Additional
information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151D12, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
At line:1 char:15
+ Remove-Mailbox <<<<  tagain
    + CategoryInfo          : NotSpecified: (0:Int32) [Remove-Mailbox], ADOperationException
    + FullyQualifiedErrorId : 4399785,Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox

You would think a simple permissions issue, right? It could be, but not one I am aware of.

The service desk users ARE able to delete users and mailboxes using the EMC and using the Remove-Mailbox cmdlet from the EMS; it just doesn't work when running from PowerShell (either via the script or just running the Remove-Mailbox cmdlet manually after the Exchange 2010 snap-in has been loaded).

I am hoping someone can tell me the cause of this behavior and how to fix it. I am after the root cause, not workarounds.

The PowerShell script is below:

 
#Add exchange 2010 snap in for mailbox creation
Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 -ea silentlyContinue

#Grabs username from command line to use in deleting
$username = $args[0]

#Set domain
$domain = "dom1.now"

#Setup share information
$fileserver = "Alexandria"
$share = "$username$"

#Setup paths to user folders
$homedrivepath = "\\alexandria\d$\users\" + $username
$profilepath = "\\alexandria\d$\profiles\" + $username

if ($username -eq $null){
	Write-Host "No user specified"
	Write-Host "Script format is: "
	Write-Host "-----------------"
	Write-Host ".\DeleteStaff.ps1 username"
}
else{

    #Delete user account and mailbox
    Write-Host "Deleting $username's mailbox and user account"
    Remove-Mailbox -Identity $username -Permanent $true 

    #Remove Share
    Write-Host "Removing users homefolder share"
    (Get-WmiObject -Class Win32_Share -ComputerName $fileserver -Filter "Name='$share'").InvokeMethod("Delete",$null) | Out-Null

    #Remove Homedrive folder
    Write-Host "Removing home drive folder"
    Remove-Item $homedrivepath -recurse

    #Remove Profile folder
    Write-Host "Removing Profile folder"
    Remove-Item $profilepath -recurse

    #Replicate Changes to other DCs
    Write-Host "Replicating user deletion to all domain controllers"
    $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain","$domain")
    $dclist = [System.DirectoryServices.ActiveDirectory.DomainController]::findall($context)
    foreach($dc in $dclist)
    {
    	$dc.SyncReplicaFromAllServers(([ADSI]"").distinguishedName,'CrossSite')
    }

    Write-Host "User $username deleted"
}


Any help is appreciated.

Answer : PowerShell Exchange 2010 Remove-Mailbox Permission denied

Yes they have remote shell.

I ended up just modifying the script so it doesn't load the Exchange Management Shell snap-in, and they just run it from the Exchange Management Shell itself. It works fine like that.

Still no idea as to what caused the original problem.
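
The symptom in this thread matches how Exchange 2010 applies permissions: the Exchange Management Shell connects to the remote PowerShell endpoint, where RBAC role assignments decide which cmdlets run and Exchange performs the directory write, while cmdlets loaded with Add-PSSnapin run locally with the caller's own Active Directory rights. An added example (not from the original post) that has a script use that same endpoint; the server name is a placeholder and Kerberos authentication is assumed:

```powershell
# Added example, not the poster's script. Server name is a placeholder (assumption).
param(
    [Parameter(Mandatory = $true)][string]$Username,
    [string]$ExchangeServer = 'exch01.example.local',  # placeholder host
    [switch]$WhatIf
)

$session = $null
try {
    # Connect to the endpoint the Exchange Management Shell itself uses.
    # RBAC role assignments decide which cmdlets this session exposes.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri "http://$ExchangeServer/PowerShell/" `
        -Authentication Kerberos -ErrorAction Stop

    # Import only the two cmdlets needed rather than the whole module.
    Import-PSSession $session -CommandName Get-Mailbox, Remove-Mailbox `
        -AllowClobber -ErrorAction Stop | Out-Null

    # If the caller's role group does not include Remove-Mailbox, no proxy
    # exists. Stop here instead of failing halfway through a deletion.
    if (-not (Get-Command Remove-Mailbox -ErrorAction SilentlyContinue)) {
        throw "RBAC does not grant Remove-Mailbox to $env:USERNAME"
    }

    # Resolve to exactly one mailbox before deleting anything.
    $mailbox = @(Get-Mailbox -Identity $Username -ErrorAction Stop)
    if ($mailbox.Count -ne 1) {
        throw "Expected one mailbox for '$Username', found $($mailbox.Count)"
    }

    Write-Host "Removing mailbox and account: $($mailbox[0].DistinguishedName)"
    Remove-Mailbox -Identity $mailbox[0].DistinguishedName -Permanent $true `
        -Confirm:$false -WhatIf:$WhatIf
}
finally {
    # Always release the remote runspace, even on failure.
    if ($session) { Remove-PSSession $session }
}
```

Run it once with -WhatIf to confirm the resolved mailbox before a real deletion. Service desk staff keep only their RBAC role and need no direct write access to user objects in Active Directory.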